Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Charlie Miller Takes on NFC, Charlie Miller Wins

LAS VEGAS–Do not stand near Charlie Miller. Actually, you might not even want to let him walk past you. It’s not that Miller is a bad person, you understand. The problem is that Miller has figured out a couple of methods that enable him–or an attacker–to use the NFC chip in some phones to exploit vulnerabilities in the phones’ software and force users to visit a Web site or even gain complete control of the phone.

LAS VEGAS–Do not stand near Charlie Miller. Actually, you might not even want to let him walk past you. It’s not that Miller is a bad person, you understand. The problem is that Miller has figured out a couple of methods that enable him–or an attacker–to use the NFC chip in some phones to exploit vulnerabilities in the phones’ software and force users to visit a Web site or even gain complete control of the phone.

The attacks that Miller developed rely on the NFC (near-field communication) short-range wireless communication protocol that is used for mobile payments, file transfers and other transactions. The range of the NFC chips, which are in some phone models such as the Nexus S and Nokia N9 now and will be in many more in the near future, is quite small, a few centimeters. Miller, best-known for his research on iOS, used funds from the DARPA Cyber Fast Track program to look at the security properties of NFC as it’s implemented in current phones and devices. What he found was that he could place a simple NFC tag next to a Nexus S and force the phone’s browser to open an arbitrary Web site.

The Nexus S runs on Android and Miller used the technique, along with a known vulnerability in an older version of the OS to perform the attack. He demonstrated the technique, along with another attack that leverages NFC, during a talk at the Black Hat conference here Wednesday. He can use that Android attack in order to point the user’s device to a malicious Web site and then gain complete control of the phone.All of this by just standing close by or bumping into a victim. The bug in Android that Miller exploits in his attack has been fixed in current versions of Android, but many carriers are slow to push new versions to users, who are, in turn, slow to install updates.

In addition to the work on Nexus S, Miller also did some research on the way that the Nokia N9 Meego operating system handles Bluetooth connections. Under the default settings on the device, Miller found that he could force the phone to pair with any device over Bluetooth by presenting the phone with an NFC tag. The attack works even if the user has Bluetooth pairing disabled on the device, because the phone will allow pairing via NFC.

Once the device is paired with the attacker’s phone, the attacker can get complete access to everything on the N9.

NFC is used extensively in Europe and Asia and one of the main applications is for mobile payments. Users with NFC-enabled phones can set up payment accounts linked to the devices and then use them at specially designed point-of-sale terminals or vending machines. The technology hasn’t shown up widely in the United States yet, but that may change soon. There are rumors that the next iPhone will have an NFC chip, a development that would provide a broad user base and incentive for retailers to deploy NFC-enabled terminals.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.